Make escapenoentities work again, broken by r68801

author Aryeh Gregor <simetrical@users.mediawiki.org>

Fri, 2 Jul 2010 16:42:24 +0000 (16:42 +0000)

committer Aryeh Gregor <simetrical@users.mediawiki.org>

Fri, 2 Jul 2010 16:42:24 +0000 (16:42 +0000)
author Aryeh Gregor <simetrical@users.mediawiki.org>
Fri, 2 Jul 2010 16:42:24 +0000 (16:42 +0000)
committer Aryeh Gregor <simetrical@users.mediawiki.org>
Fri, 2 Jul 2010 16:42:24 +0000 (16:42 +0000)
diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php

index ce508c3..6b1caf7 100644 (file)
--- a/includes/Sanitizer.php
+++ b/includes/Sanitizer.php
@@ -1059,11 +1059,10 @@ class Sanitizer {
          * @return String: escaped input
          */
         static function escapeHtmlAllowEntities( $html ) {
+               $html = Sanitizer::decodeCharReferences( $html );
                 # It seems wise to escape ' as well as ", as a matter of course.  Can't
                 # hurt.
                 $html = htmlspecialchars( $html, ENT_QUOTES );
-               $html = str_replace( '&amp;', '&', $html );
-               $html = Sanitizer::decodeCharReferences( $html );
                 return $html;
         }
author	Aryeh Gregor <simetrical@users.mediawiki.org>
	Fri, 2 Jul 2010 16:42:24 +0000 (16:42 +0000)
committer	Aryeh Gregor <simetrical@users.mediawiki.org>
	Fri, 2 Jul 2010 16:42:24 +0000 (16:42 +0000)